[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: RE: LuaSocket: No way to protect against fuzzing attacks?
- From: "Dean Sellers" <dean.sellers@...>
- Date: Tue, 11 Oct 2011 19:47:52 +1000
> Unfortunately LuaSocket doesn't appear to provide any way to do this,
> other than (slowly!) reading one byte at a time.
I have been writing a TCP binding for a proprietry protocol for an
embeded device. It is basically an <STX> <ETX> framed message. The
device that I am getting data from may fragment the message across a few
TCP packets. There is a maximum message length defined.
In doing this I had a look at the lua socket source, as I had a similar
issue to you. I wanted a method that was 'return up to n bytes'. It
seemed though that byte by byte reading isn't too much of a penalty. The
kernel delivers a full tcp packet that lua socket buffers. Your (the
user's) read-a-byte calls just return bytes from the buffer that lua
socket already has, unless it is empty in which case read() is called on
the operating system.
At least this was how the unix side worked, my code will always run on
an embedded nix device so I didn't delve into the windows source.
So after a bit of testing my algorithm reads byte by byte until a
message is formed or the length is exceeded. The performance is
certainly acceptable for a system where 20-100 byte messages are
delivered at 25Hz.
In saying this it would be reasonably easy to add a 'return up to n
bytes' method to luasocket, I just figured for the small performance hit
I would stay with a more portable solution.